Source: National Cyber Security – Produced By Gregory Evans
Identity management in healthcare is a critical aspect of HIPAA compliance. With more and more applications offered from the cloud, healthcare organizations need to consider some form of single sign-on (SSO) to help increase IT control while making it easier for their users to access the applications they need.
Identity management as a practice spans many of the resources organizations use on a daily basis. In this post, we’ll detail how controlling access to cloud applications, such as electronic medical and health record (EMR and EHR, respectively) software, affects HIPAA compliance.
Managing Identities in Healthcare
Although every industry must be vigilant about identity and access management (IAM), healthcare companies, which belong to the industry most frequently targeted by hackers, need to be the most careful of all.
Moreover, compromised identities are the number one attack vector for bad actors. These two factors illustrate just how badly healthcare organizations need strong, secure identity management.
On top of that, healthcare companies must always be conscious of HIPAA. HIPAA (Health Insurance Portability and Accountability Act of 1996) is a compliance requirement for any U.S.-based healthcare organization. As a part of its technical compliance regulations, HIPAA requires strong identity management. So, aside from the facts detailed above, healthcare organizations must have their identities tightly secured to ensure compliance.
SSO for Identity Management
Although many of the applications healthcare organizations leverage live on-prem, several of them, including EMR/EHR, are now available from the cloud. Traditional identity management solutions, such as Microsoft® Active Directory®, run into trouble when extending their on-prem identities to cloud resources. That is why many organizations have turned to web application single sign-on solutions.
Using SSO allows end users to leverage a single identity, based in their on-prem or cloud identity management tooling, for all of their cloud-based applications. That means end users have no need to write their passwords on sticky notes or choose short, insecure passwords just so they can remember them. Some SSO providers offer multi-factor authentication (MFA) to make application identity access even more secure.
Although SSO is generally a solid (Read more…)
The post Single Sign On for Healthcare and HIPAA Compliance appeared first on National Cyber Security.